A year ago, many predicted that the COVID-19 stay-at-home orders and social distancing guidelines – and their impact on the economy – would result in a deluge of bankruptcy filings that could rival the Great Recession of 2008-2009. However, as we approach the one-year anniversary of former President Trump declaring the SARS-CoV-2 novel coronavirus a national emergency, that prediction has not come to pass.  

In fact, overall bankruptcy filings dropped by more than a quarter last year compared to 2019. But looking behind that figure, Chapter 11 business bankruptcies climbed 35% year over year and for corporations with more than $50 million in assets, the number rose by 194%. The majority of these new filings were from the retail industry and other businesses that suffered from the precipitous drop in consumer foot traffic and spending. The end of government-sponsored loans, rent forbearance, and similar stimulus packages may place additional stress on balance sheets and increase these numbers in 2021.

As directors and officers evaluate the ongoing financial uncertainty arising from COVID-19 and consider seeking bankruptcy protection, they might assume that they will be adequately protected by the directors’ and officers’ liability insurance put in place to protect them from situations in which the company is unable to meet its indemnification and advancement obligations.

While insurance can provide peace of mind to executives should an insolvency-related lawsuit or investigation arise, directors and officers are often surprised to learn about exclusions, conditions, or other provisions in the company’s D&O policies that insurers may rely upon to significantly limit or even outright deny coverage. In addition to disputes with insurers, executives may also face opposition from bankruptcy trustees, creditors’ committees, or third parties seeking to limit insurance payments to preserve policy proceeds to pay claims, such as for possible breach of fiduciary duties.

While the goal of protecting executives through D&O insurance is simple, the policies themselves are complex documents with multi-faceted coverages that can be heavily modified by endorsement or even manuscripted to address particular exposures within an industry or business segment.

This article highlights 10 common insolvency-related topics for a company and its directors and officers to consider before, during, and after bankruptcy to minimize risk of uncovered losses and to maximize recovery under different types of D&O policies implicated during bankruptcy.

1. Mitigate Risk with D&O Insurance Before Bankruptcy

Robust D&O insurance programs protecting both the entity and its current and former officers and directors should be part of a company’s regular risk mitigation strategy well before any potential insolvency proceedings. Prior to any bankruptcy, however, the company should ensure that the policies it purchases will afford “runoff” coverage (also referred to as “tail” coverage or “extended reporting periods”) once the policies expire or a “change in control” (discussed below) occurs during bankruptcy.

Tail or runoff coverage is an extension of the D&O policy that allows insureds to continue reporting claims to the insurer after the policy expires or terminates. If a company sells its assets, is acquired, or otherwise undergoes a change in ownership, tail coverage protects former directors and officers, usually for a period of a year or more, for future claims alleging conduct by the directors and officers that occurred prior to the time the policy expired.

Many D&O policies provide automatic runoff at policy termination, subject to payment of additional premium or satisfying other conditions; but companies also can often negotiate new or different runoff coverage terms in advance of any planned bankruptcy.

In addition to ensuring adequate runoff coverage, executives should also consider a number of other policies to protect their interests in the event that the company’s D&O policy falls short. This includes purchasing policies to indemnify the individual directors and officers in circumstances:

• where the company refuses or is unable to indemnify executives due to insolvency (often referred to as “Side‑A only” coverage);
• where the company’s primary or excess policies do not respond to a particular loss, leaving individual insureds personally exposed (“difference-in-conditions” insurance);
• where executives are retained by a debtor to assist with the remaining operation, liquidation, or winding down of the debtor’s business (“winding down” coverage); or
• where independent directors sitting on public, private, or non-profit company boards may benefit from specialty umbrella coverages tailored to protect personal assets.

While D&O insurance issues can be addressed immediately preceding, or even during, insolvency proceedings, the best time to consider all of the above coverages and how they work together to best protect the company and its directors and officers is on a “clear day.” There are better opportunities to tailor favorable coverage at policy placement or renewal when there may be fewer financial constraints in devoting resources to more fulsome insurance protections, and the company’s and executives’ interests are more likely to be aligned.

2. Accessing the Debtor’s D&O Insurance Policies

It is well established that insurance policies issued to a company become property of the estate when that company files bankruptcy. When a policy provides for payment only to a third party, such as payments to officers and directors under an executive risk insurance policy, courts have generally held that the proceeds of such policy are not property of the estate. As a result, a bankruptcy filing should not bar directors and officers from accessing the proceeds of a D&O policy. 

Frequently, the insurer and covered executives will coordinate to seek an order from the bankruptcy court authorizing the payment of policy proceeds. An estate representative, such as a Chapter 7 trustee or creditors’ committee, may request that the bankruptcy court impose limitations on access to the policy proceeds if the estate representative believes that there may be claims against the executives. Such limitations might include a cap on payment of defense costs to executives or reporting requirements for the insurer so that interested parties can monitor the availability of remaining policy proceeds. Court orders governing access to D&O policy proceeds are typically negotiated and fact dependent.

Understanding and facilitating access to the debtor’s D&O insurance is useful, not only for protection of the debtor’s executives, but also for minimizing exposure of outside directors (including those appointed by private equity firms or other investors) who are sued in their director capacities on behalf of the debtor. It is critical to continually monitor and adjust D&O coverage across all potentially triggered programs, including management liability policies issued to cover outside directors, to avoid coverage gaps and maximize recovery in the event of a claim.

3. The Automatic Stay Does Not Affect Claims Against Directors and Officers

While a company’s bankruptcy filing generally stays all claims against the company, the automatic stay does not apply to a company’s directors and officers. In certain circumstances, a debtor may seek to extend the stay to third-party claims against directors and officers if it can be shown that the continuation of such claims could impair a company’s ability to effectively reorganize. Such a situation would not include the assertion of director or officer liability claims by a Chapter 7 trustee or other estate representative, such as a creditors’ committee, if the company is not pursuing a reorganization.

An effective reorganization may include the negotiation of a release of directors and officers or limitations on pursuit of director and officer liability claims, such as limiting such claims to the proceeds of a D&O policy. Experienced bankruptcy and coverage counsel can ensure that executives navigate potential claims to minimize exposure and maximize D&O insurance protections.

4. Waiver Provisions and the Automatic Stay

While the automatic stay can protect a debtor from claims during bankruptcy, it can also pose issues to insureds in the event directors or officers need to submit their own “claim” to recover under the debtor’s D&O policies – especially since the insurer, the court, or other stakeholders may oppose the claims. With respect to the rights of the parties to the insurance contract, those risks can be mitigated in part by endorsing D&O policies with provisions clarifying, among other things:

• that bankruptcy or insolvency of the company does not relieve the insurer of its obligations under the policy;
• that the policy is intended to protect the individual director-and-officer insureds; and
• that the parties waive any automatic stay that may apply to recovery of policy proceeds.

The effectiveness of such waiver may vary from jurisdiction to jurisdiction.

5. Filing a Petition May Not Trigger Runoff in D&O Policies

Even where companies have adequate D&O insurance with runoff coverage that will continue to protect directors and officers long after the bankruptcy concludes, many executives assume that the policy’s current coverage will terminate and go into runoff automatically upon the filing of a bankruptcy petition. That is not usually the case, although there are scenarios where a bankruptcy filing and runoff trigger may occur around the same time.

Instead, policies typically contain a “change in control” provision that provides a list of enumerated events that terminate current coverage and place the policy into runoff, limiting going-forward coverage to claims noticed during the extended reporting period that allege wrongful acts by the insured occurring before the change in control. Provisions vary between policies but generally speaking, a change in control occurs if:

• the named insured consolidates with or merges into another entity;
• the named insured sells all or substantially all of its assets to another entity; or
• any person or entity acquires management control (i.e., greater than 50% of voting power to appoint board or management committee members) of the named insured.

Those kinds of acquisitions or asset sales may not occur until after a plan of reorganization is confirmed or, at a minimum, until the debtor provides notice to interested parties of its intent to sells its assets, and the bankruptcy court approves the sale process, which can occur months after the petition date. The delay between the petition date and a change in control can raise a number of D&O insurance considerations – most notably a potential lapse in coverage if the company’s policy is set to expire before a transaction or sale can be effectuated. This can be solved preemptively by negotiating an extension of the company’s current D&O policies to continue coverage beyond the expected plan confirmation or transaction effective date, although any such extension likely requires additional premium payments.

The cost of making even a seemingly simple modification to a debtor’s D&O coverage can be substantial. While bankruptcy courts generally allow debtors to maintain D&O insurance, the need for ongoing insurance funding can be cause for alarm for former directors and officers and other individuals or entities who may need to access the debtor’s D&O coverage but are not involved in the ongoing financial decisions of the company during bankruptcy.

6. Retentions and Non-Indemnifiable Loss

Executives should be aware of all possible payments they may be called on to make in defending against claims in the event the company is unwilling or unable to indemnify them. Those “retention” payments – also called “deductibles” or “self-insured retentions” – are the amount of money the insured is required to pay before the D&O insurer will start paying. There are two primary issues in evaluating retentions in bankruptcy.

The first is understanding what retentions apply to each type of D&O coverage. Typically, retentions apply to claims made against officers and directors that are indemnified by the company (“Side‑B” coverage), while there is usually no retention for claims against individual officers and directors that are “non-indemnifiable” by the company (“Side‑A” coverage). Directors and officers should understand the difference between the two coverages and what, if any, retention applies to Side‑A claims where they may be personally liable in the absence of reimbursement from the insurer.

The distinction between Side‑A and Side‑B coverage raises a second issue: what constitutes “non-indemnifiable” loss sufficient to avoid a retention and make sure that the insurer is paying “first dollar” for any loss? Policy language varies greatly, but many D&O policies have presumptive indemnification, meaning that the insurer assumes that the company will indemnify executives to the fullest extent permissible under the law and, as a result, will only consider loss “non-indemnifiable” if the company is truly unable to pay. Policies may also expressly recognize that a company in bankruptcy is presumed to be insolvent and, therefore, unable to indemnify.

Issues may arise in bankruptcy, however, where a policy does not make clear that the inability to pay includes financial insolvency, allowing the insurer to argue that Side‑A coverage does not apply (and the executive is subject to a steep retention) because, even though the company has no resources to pay, it is still permitted to pay under controlling corporate governance documents and applicable law. Critical policy provisions addressing permissible, required, actual, and other variations on company indemnification can raise ambiguities impacting or even negating coverage for directors and officers during bankruptcy. These ambiguities can be avoided by adequately addressing financial insolvency and its impact on retentions during policy placement or renewal.

7. D&O Exclusions and “Final Adjudication”

D&O policies contain many exclusions, but the most common insolvency-related example is the “insured vs. insured” exclusion, which bars coverage for claims brought by or on behalf of one insured against another insured. The aim of these provisions is to discourage company infighting by removing it from the ambit of the company’s D&O coverage and to avoid collusion between insureds who may assert claims driven in whole or in part by a desire to recover under insurance policies.

Serious issues can arise in bankruptcy outside of these traditional examples if, for example, a bankruptcy or liquidation trustee, creditors’ committee with derivative standing, or receiver (including the FDIC) asserts a claim against directors and officers on behalf of the debtor. Absent appropriate carve-outs to the insured vs. insured exclusion, insurers may argue that coverage is negated because, as representatives of the debtor company, those bankruptcy entities are considered insureds subject to the exclusion. Executives should ensure that any D&O policy has appropriate exceptions to the otherwise broad insured-vs.-insured exclusion that protects coverage in these situations.

In addition to raising issues under the insured vs. insured exclusion, adversary proceedings brought by bankruptcy or liquidation trustees asserting claims against directors and officers can implicate D&O exclusions for deliberate criminal, fraudulent, or dishonest acts, such as allegations of reckless or intentional conduct in breaching fiduciary duties. Those allegations, even if groundless, can pose significant obstacles to advancing legal fees and expenses unless the D&O policy’s “conduct” exclusions include a “final adjudication” requirement that prevents insurers from refusing coverage under the exclusion until the criminal, fraudulent, or dishonest acts are established by a final, non-appealable adjudication.

Even if conduct exclusions contain final adjudication language, the effectiveness of those requirements can vary widely between policies. For example, is the exclusion triggered based on final adjudications in any proceeding or only the underlying proceeding, and does such adjudication need to be adverse to the insured? These and other nuances in exclusionary language can play critical roles in maximizing executive protection during bankruptcy (and other proceedings).

8. Priority of Payment Provisions

In many instances, a debtor’s insurance policies will be one of the more valuable assets of its estate. To make matters worse, as previewed throughout this article, insolvency can lead to a number of new claims against both the company and its directors and officers at a time when the company is not in a financial position to defend itself or provide indemnification. For those reasons, there often are competing claims to recover policy proceeds that involve losses far exceeding the available limits.

Claims against different insureds may proceed on different tracks. For instance, a settlement in one matter may risk exhaustion of full limits, while a separate lawsuit against only the company’s directors and officers continues to trial after incurring millions of dollars in legal fees. This risk can be mitigated in large part by purchasing the “Side‑A only” policies discussed above, which afford separate limits to executives that cannot be impaired by claims against the company (or reimbursement to the company for indemnification paid to individual insureds).

Where executives have access only to the company’s D&O policies, however, they should ensure that all policies have a “priority of payments” provision that prioritizes “Side‑A” payments to individuals before all other kinds of payments. A priority of payments provision can also clarify that the company has a right to coverage only after all claims against individual directors and officers have been satisfied or even prohibit any payments to the company absent written approval by the board.

9. Allocation Provisions

Claims during bankruptcy can involve a number of different theories of liability, different entity and individual defendants across different stages of the debtor’s corporate history, and a variety of damages, not all of which may be covered by D&O policies. In these “mixed” claim scenarios, policyholders should understand how covered and potentially uncovered losses may be treated under D&O policies or, more specifically, what grounds insurers may raise to limit coverage to something less than all claims and damages asserted in the litigation.

Policies may be silent on “allocation,” particularly with respect to defense costs incurred by a law firm representing multiple defendants, only some of whom are insureds under the D&O policy. In those instances, many courts have held that insurers must reimburse 100% of legal fees and expenses as long as they “reasonably relate” to covered claims, even if the defense benefits non-covered claims or non-insured defendants.

Other policies, however, have explicit allocation provisions that require a particular method of allocation, such as requiring the insurer and policyholder to use their “best efforts” to determine a “fair and appropriate allocation” between covered and uncovered costs based on “the relative legal and financial exposure of the parties.” Such provisions commonly provide a process for resolving allocation disputes where the insurer must advance only those defense costs it believes to be covered until a different allocation is negotiated or determined in court or arbitration.

The best approach to avoiding allocation disputes is modifying the policy to include a provision explicitly stating that the insurer will advance 100% of defense costs as long as any claim triggers the duty to pay such costs. Working with coverage counsel and insurance brokers to understand allocation and, if needed, negotiate favorable terms well in advance of any claim is key to ensuring that directors and officers receive adequate protection for covered claims during bankruptcy.

10. Avoid Cancelled Policies

In line with all of the commentary above, many directors and officers recognize the importance of placing and renewing D&O insurance protection well in advance of any insolvency, including runoff coverage to protect executives long after they have resigned. When a claim arises during bankruptcy, insureds understandably look to the debtor’s coverage as the first line of defense.

In some instances, those directors and officers may be surprised to learn that the policy they had carefully crafted was cancelled – not by the company, but by the bankruptcy trustee, who recovered the policy premium for the benefit of the estate at the expense of leaving the debtor’s officers and directors unprotected. Thus, policyholders should confirm that D&O policies have provisions stating that they cannot be cancelled for any reason except for non-payment of premium, even if the cancellation is being requested by the insured (including a bankruptcy trustee or other entity acting in the capacity of the insured).

On November 30, 2020, the Consumer Financial Protection Bureau (“CFPB”) released an advisory opinion concerning earned wage access (“EWA”) products. The Bureau addressed whether EWA providers are offering or extending “credit” as that term is defined by Regulation Z and concluded that the “Covered EWA Programs” do not involve the offering or extension of credit under Reg. Z. On December 30, the CFPB issued a compliance assistance sandbox (“CAS”) approval order to PayActiv related to certain aspects of its EWA products.

What are Earned Wage Access Programs? 

EWA programs typically enable employers to advance a certain amount of accrued wages to employees before the employees receive their regular paychecks. The employer settles-up the amount advanced through payroll deductions or bank account debits from the employee’s subsequent paycheck. In many cases third-party “EWA providers” work with the employer, the employee, or both assist in streamlining this type of wage advance.

What is the Uncertainty Around EWA Programs that the CFPB Was Asked to Address in its Advisory Opinion?

EWA providers—and the CFPB itself—identified uncertainty over whether the Truth in Lending Act (“TILA”) and its implementing regulation, Regulation Z, apply to EWA programs. Regulation Z generally applies to extensions of “credit” when four conditions are met:

• the credit is offered or extended to consumers;
• the offering or extending of credit is done regularly;
• the credit is subject to a finance charge or is payable by a written agreement in more than four installments; and
• the credit is primarily for personal, family, or household purposes.

12 C.F.R. § 1026.1(c)(1).

Regulation Z defines “credit” to mean the right to defer payment of debt or to incur debt and defer its payment. 12 C.F.R. § 1026.2(14).

What Does the Advisory Opinion Do to Resolve the Uncertainty?

The CFPB concluded that a “Covered EWA Program” is not an extension of credit and thus not subject to Regulation Z. A Covered EWA Program must meet the following criteria:

• The EWA program provider contracts with the employer to offer and provide EWA services.
• The amount of each advance does not exceed the accrued cash value of the wages the employee has earned up to the date and time of the transaction, as determined by the employer.
• The employee pays no fee – voluntary or otherwise – to access EWA funds or otherwise use the EWA program. The advance must be sent to an account of the employee’s choice. If the account receiving the advance is a prepaid account as defined under Regulation E and that account is offered by the provider, then additional fee restrictions apply.
• The provider recovers the advance only through an employer-facilitated payroll deduction from the employee’s next paycheck. One additional deduction may be attempted in the event of a failed or partial payroll deduction due to administrative or technical errors.
• In the event of a failed or partial payroll deduction, the provider maintains no legal or contractual remedy against the employee. This does not, however, prevent the provider from declining to offer the employee additional EWA transactions.
• The provider must clearly and conspicuously make certain warranties to the employee, including:
  • that there will be no fees,
  • that the provider has no recourse against the employee, and
  • that the provider will not engage in any debt collection activities.
• The provider may not directly or indirectly assess the credit risk of the employee.

The CFPB concluded that a Covered EWA Program does not provide consumers with “credit” for the following reasons:

• EWA transactions do not provide employees with the right to defer payment of debt or to incur debt and defer its payment because Covered EWA Programs do not implicate a “debt.”
• EWA transactions operate like advances on accrued cash value of an insurance policy (or a pension account), where there is no independent obligation to repay. Advances on accrued cash value of insurance policies and pension accounts are not considered credit under Regulation Z.
• The aspects of a Covered EWA Program differ in kind from products the CFPB would generally consider to be credit.
• This treatment of Covered EWA Programs is consistent with the CFPB’s discussion of EWA products in the 2017 Payday Lending Rule.

The CFPB’s guidance is consistent with the Regulation Z definition of “credit.” A transaction that does not create “debt” cannot constitute “credit.” Accordingly, a transaction that does not impose a “legal or contractual remedy” for non-payment, is arguably not a credit transaction under Regulation Z. The CFPB has invited feedback to evaluate whether to provide additional guidance about programs that differ from those addressed in the advisory opinion.

What is the Bureau’s CAS Policy?

The Bureau’s CAS Policy offers certain limited safe harbors to approved programs, subject to good faith compliance with the Bureau’s approval order. PayActiv’s approval order protects the company from liability under TILA. Provisions of the order include:

• PayActiv contracts with employers to offer and provide EWA services.
• PayActiv warrants to the employee as part of the contract between the parties that:
  • PayActiv will not impose fees, aside from the fee charged under one of the models;
  • PayActiv has no recourse against the employee, including no right to take payment from any consumer account; and
  • PayActiv will not engage in any debt collection activities.
• PayActiv does not directly or indirectly assess the credit risk of individual employees.
• The advance amount is capped at the accrued cash value of the wages the employee has earned at the time of the transaction, as verified by information from the employer.
• PayActiv offers two programs to consumers, one of which does not require the employee to pay any fee, voluntary or otherwise, to use the EWA program. The other program is explained in more detail below.
• PayActiv recovers the advance through an employer’s payroll deduction from the employee’s next paycheck. If a payroll deduction is unsuccessful due to administrative or technical errors, then PayActiv attempts one additional deduction.
• If a payroll deduction is not successful, PayActiv has no remedy against the employee, although PayActiv may refrain from offering the employee additional advances.

Does the CAS Approval Differ at All from the CFPB’s Advisory Opinion?

Though PayActiv’s program specifications are nearly identical to the criteria for a Covered EWA Program under the CFPB’s advisory opinion, there is a key difference. The November advisory opinion forecasted that some EWA programs may be charging nominal processing fees that do not involve the extension of “credit.” While the advisory opinion does not cover such programs, it offered providers the opportunity to “request clarification from the Bureau about a specific fee structure” by applying for an approval “under the Policy on the Compliance Assistance Sandbox.” PayActiv did just that.

While PayActiv offers a no-fee program, it also offers its “PayActiv Access Choice” program that charges a $1 non-recurring fee to employees who do not have a PayActiv-facilitated account. That fee provides access to an unlimited number of transactions during a one-day access window. If the employee accesses funds on multiple days during a single pay period, then fees are capped at $3 for a one-week period and $5 for a bi-weekly period. PayActiv does not charge fees to open a PayActiv-facilitated account.

What Does the Approval Order Mean Going Forward for Fees in EWA Transactions?

While the CFPB has clarified that an EWA provider can charge fees in some circumstances without the program being considered credit, it is not clear how the CFPB (and other regulators) will distinguish credit and non-credit programs. It’s clear that to qualify as non-credit, there cannot be a debt (i.e., there cannot be a legal claim to repayment against the employee). When an employee accesses accrued cash value of earned wages, and the wages are then routed to the EWA provider by employer-facilitated payroll deductions, rather than a contractual obligation imposed on the consumer, it seems there is no consumer debt or claim. This is especially the case when the fee charged:

• is comparable to expedited transfer fee for non-credit products,
• does not vary based on the amount of the transaction or repayment period, and
• isn’t based on the employee’s creditworthiness.

To further support characterization of EWA as non-credit, EWA providers agree to refrain from collections activity, negative credit reporting, and imposing late fees.

Despite the factors identified above, there are some aspects of some EWA programs that may give pause to some regulators or consumer advocates. While the CFPB called PayActiv’s fee “nominal,” in an EWA, in an actual credit transaction, a $5 finance charge for a two-week period on a $100 wage advance would yield a triple-digit annual percentage rate. While this rate of return is 1/3 of the rate of return on a typical payday loan, if an EWA were considered credit, then that type of rate of return would be triple the 36% APR limitation supported by consumer advocates. Of course, there are numerous types of non-credit cash advances that would have high APRs if they were deemed “credit.” For example, an ATM machine advancing $20 for a $2 fee yields an annualized rate of return that is 10 times as much as a typical payday lender’s APR.

Since EWAs involve a cash advance of earned wages to an employee and a hope of future settlement on the employee’s payday, some regulators may be taking the position that EWA is credit. In August of 2019, numerous state regulators announced an action alleging that certain organizations advancing wages were engaged in unlawful lending, in part because they charged tips, monthly membership fees, or other fees. In January of 2021, the California Department of Financial Protection and Innovation (“DFPI”) released five separate memoranda of understanding with EWA providers that outline certain “rules of the road” for providing EWA products in California while allowing the DFPI to collect additional information on how EWA products are offered and used.

Of course, the CFPB’s approval order applies only to PayActiv and the specific product it outlined in its CAS application.  Other companies are not authorized to rely on the same safe harbors for protection from the CFPB, let alone other regulators who are not part of the CAS process. Even so, the CFPB’s introduction of “nominal fees” into its regulatory calculus regarding EWA creates a potential disconnect between the CFPB and other regulators, and until a company unwittingly falls in the middle, we may not know the resolution of this disconnect.

A recent decision from the United States District Court for the District of Columbia emphasized that neither attorney-client privilege nor work product protection will shield a report provided by a third party retained by counsel where the report provides non-legal advice.** 

Guo Wengui v. Clark Hill, PLC,[1] arose from the cybersecurity breach of a law firm’s database on September 12, 2017.  After confidential information about him was publicly disseminated, a client (Wengui) sued the law firm (Clark Hill) claiming that it failed to take sufficient precautions to protect his data.  Immediately after learning about the breach, Clark Hill ordered an investigation into what had occurred.  It employed its regular cyber security provider, eSentire, to investigate and remediate, as appropriate.  The purported purpose of eSentire’s work was for “business continuity.”[2] 

Two days later, on September 14, 2017, while the breach may still have been ongoing, Clark Hill hired a law firm, Musick, Peeler & Garrett (“MP&G”), to provide legal advice relating to the incident.  MP&G hired an independent cyber security firm, Duff & Phelps, to assist MP&G in providing legal advice to Clark Hill and to prepare for anticipated litigation.  Duff & Phelps went on site on September 14, 2017.[3]  It ultimately produced a full investigative report which included “specific remediation advice.”[4]  The General Counsel of Clark Hill, Edward Hood, reviewed the report.  Hood then shared the report with “select members of the leadership and IT team” at Clark Hill.[5] Clark Hill also shared the report with the Federal Bureau of Investigation (“FBI”) in connection with the FBI’s investigation of the incident.[6]

Litigation was, in fact, filed in September 2019.  During the course of discovery, the client requested “all reports of [Clark Hills’s] forensic investigation into the cyberattack.”[7] The client also served interrogatories asking Clark Hill to state the facts or reasons why the attack occurred.[8]  Clark Hill responded to the document production requests by providing (among other things) documents from eSentire.  Notably, the partial production did not include any formal report or any specific findings from eSentire on the cause of the breach.[9] 

Clark Hill objected to producing other responsive documents and to answering the interrogatories, claiming that the information from Duff & Phelps was protected by the attorney-client privilege and work product protection.  It maintained that its understanding of the cause of the attack came solely from the investigation performed by Duff & Phelps, which was ordered by MP&G to provide legal advice and in anticipation of litigation.[10] 

Plaintiff disagreed and filed a motion for sanctions.  On January 21, 2021, the court granted the motion for sanctions, finding that the attorney-client privilege and the work product protection doctrine did not apply to the requested information.

Attorney-client privilege

Generally, the attorney-client privilege applies to “a confidential communication between attorney and client if that communication was made for the purpose of obtaining or providing legal advice to the client.”[11]  The Duff & Phelps report was not a communication between attorney and client.  Courts have recognized, however, that certain documents prepared by third parties may be covered by the privilege if the document was prepared to help facilitate the provision of legal advice by, for example, explaining technical materials or acting in the capacity of a translator.[12]  The courts have cautioned that this principle must be narrowly applied – if the advice sought by the client is really the advice of the third party, and not the lawyer, no privilege would exist.[13]

The Wengui court readily concluded that the advice in the Duff & Phelps report was cybersecurity advice, and not legal advice, and therefore not protected by the attorney-client privilege.[14]

Work Product Doctrine

In federal court, the work product protection doctrine shields from discovery certain materials prepared in anticipation of litigation.  Under Federal Rule of Civil Procedure 26(b), “[o]rdinarily, a party may not discover documents and tangible things that are prepared in anticipation of litigation . . . by or for another party or its representative (including the other party’s attorney, consultant, . . . or agent).”[15]  The Wengui court then applied the “because of” standard in order to determine whether a document was “prepared in anticipation of litigation.”  The “because of” test asks “whether, in light of the nature of the document and the factual situation in the particular case, the document can fairly be said to have been prepared or obtained because of the prospect of litigation.”[16]  As the court further explained, “[w]here a document would have been created ‘in substantially similar form’ regardless of the litigation,” it fails that test, meaning that “work product protection is not available.”[17]    

The Wengui court found it “highly likely” that Clark Hill would have investigated the cause of the cybersecurity breach and steps to remediate it whether or not the firm was anticipating litigation.  The court favorably cited other decisions which held that investigating a cyber breach is a necessary business function.  After the court’s in camera review of the report, the court concluded that “substantially the same” document would have been prepared in the normal course of business.[18] 

Key Case Clearly Distinguishable

Clark Hill primarily relied on the case of In re Target Corp. Customer Data Sec. Breach Litig.[19] to support both theories to shield production of the information.  The court easily distinguished the facts in Wengui from the Target case in connection with both arguments. 

With respect to the work product doctrine, the court rejected Clark Hill’s view that there were two tracks to the investigation which led to the protection of the Duff & Phelps report:  1) the eSentire track allegedly being the one conducted in the normal course; and 2) the Duff & Phelps report supposedly being prepared solely to assist in the legal representation.  The court found that the Duff & Phelps report was prepared instead of, rather than in addition to, the work performed by eSentire.[20]  Indeed, Duff & Phelps began its work within days of Clark Hill discovering the breach, while the breach was ongoing.  eSentire never produced a report or any findings about the cause of the breach.  The General Counsel of Clark Hill shared the report with a broad audience, including in-house leadership, IT and Clark Hill also shared it with the FBI in connection with the FBI’s investigation.  The court concluded that these non-litigation uses of the report demonstrated that the report was not prepared “because of” litigation.  Merely “paper[ing]” the report through attorneys did not shield it from disclosure.[21]

As for the attorney-client privilege, there were three distinguishing facts in Target.  First, Target established that it took the “two track” approach.  Second, the report that was shielded from disclosure by the court in that case was not shared with a wide audience.  Third, the Target report, unlike the Duff & Phelps report, did not include specific suggestions for remediation.[22] 

What about In re Kellogg Brown & Root, Inc.?[23]

Although the court cited In re Kellogg Brown & Root, Inc.,[24] the court did not apply its holding even though it appears directly applicable to Clark Hill’s case.  The In re Kellogg Brown & Root, Inc., court addressed the standard to apply in determining whether an investigative report was protected by the attorney-client privilege.  There, the appellate court rejected the “but for” test in favor of “a primary purpose” test.

Kellogg Brown & Root (“KBR”) received an employee tip about potential misconduct in connection with administering government contracts – specifically, inflating costs and accepting kickbacks.[25]  KBR initiated an internal investigation, led by its Law Department, as required by its Code of Business Conduct.[26]  Some, but not all, of the interviews were conducted by in-house attorneys, others were conducted by investigators at the direction of counsel.  No outside counsel was retained.[27]  A report of the investigation was prepared.  A KBR employee then filed a whistleblower complaint relating to the same conduct.

The plaintiff/employee sought the production of documents related to KBR’s internal investigation.  KBR objected on the basis of the attorney-client privilege.  The lower court ordered production of the documents, but the Court of Appeals reversed.  The Court of Appeals ruled that often there is not one primary purpose – legal and/or business – for a communication.  The test is, rather, whether “obtaining or providing legal advice” was “a primary purpose of the communication.”[28]  The Appeals Court found that the privilege applies even though interviews may be conducted by non-attorneys, if they are conducted at the direction of attorneys, and therefore by non-lawyers acting as legal agents.

Had the court in Wengui held that the report at issue included some legal advice, and applied the standard from In re Kellogg Brown & Root, would the decision have been different?  Probably not.  The investigation by KBR clearly was controlled by the Law Department to gain facts in order to provide advice to the company.  Those interviewed were told about the purpose of the investigation and that the information would be held in confidence.  The information was not shared beyond those with a need to know, and certainly not with any outside agency.  And, based on the facts found by the Wengui court, learning what happened in the cybersecurity breach in order to properly remediate it was the only real purpose of the Duff & Phelps report.  eSentire, the normal service provider, was not the entity tasked with determining the required remediation procedures.

Lessons Learned

Wengui emphasizes the following principles:

• The mere fact that communication is made to an attorney does not mean the communication is privileged; and
• Materials are not automatically protected by the privilege merely because they are provided to or prepared by an attorney.[29]

Building upon those principles, here are some steps counsel can take to preserve privilege protection for investigation materials, whether prepared by counsel or a third party at the direction of counsel:

• Clearly communicate that the investigation is being performed in order to secure legal advice;
• Prepare an investigation plan;
• Perform the interviews or create the template for questions to be asked;
• Schedule regular briefings as the investigation proceeds;
• Provide analyses of the information gleaned during the investigation;
• Provide recommendations of legal steps to take as a result; and
• Limit distribution of any report to those who actually need the information as part of their job responsibilities in connection with the investigation.

**  Hope A. Comisky is a member of Griesing Law, LLC. Hope A. Comisky is a Member of Griesing Law, LLC and Chair of the Firm’s Employment and Ethics & Professional Responsibility practice groups. She is a top-ranked employment attorney and an experienced arbiter with over thirty-five years of employment and litigation experience. She counsels clients on employment and professional responsibility issues, provides training and offers strategic advice on employment litigation matters and professional responsibility initiatives. Hope is also a frequent lecturer and author on employment law and professional responsibility topics. She received her B.A. from Cornell University and J.D. from the University of Pennsylvania Law School. She can be reached at [email protected].

[1] No. 19-3195, 2021 WL 106417 (D.D.C. January 12, 2021).

[2] 2021 WL 106417, at *3.

[3] 2021 WL 106417, at *4.

[4] 2021 WL 106417, at *6.

[5] 2021 WL 106417, at *5.

[6] Wengui is a Chinese fugitive who is a target for the Chinese Communist Party (CCP) and often referred to as an activist or dissident.  https://foreignpolicy.com/2020/08/26/guo-wengui-chinese-billionaire-emigre-links-steve-bannon/

[7] 2021 WL 106417, at *1.

[8] 2021 WL 106417, at *1.

[9] 2021 WL 106417, at *4.

[10] 2021 WL 106417, at *1.

[11] In re Kellogg Brown & Root, Inc., 756 F.3d 754, 757 (D.C. Cir. 2014). 

[12] See, the leading case of United States v. Kovel, 296 F.2d 918, 921-22 (2d Cir. 1961).

[13] 296 F.2d at 922-23.

[14] 2021 WL 106417, at *6.

[15] Fed R. Civ. P. 26(b)(3)(A).  

[16] 2021 WL 106417, at *2, citing United States v. Deloitte LLP, 610 F.3d 129, 137 (D.C. Cir. 2010) (citations omitted).

[17] 2021 WL 106417, at *2, citing FTC v. BoehringerIngelheim Pharms., Inc., 778 F.3d 142, 149 (D.C. Cir. 2015) (quoting Deloitte, 610 F.3d at 138). 

[18] 2021 WL 106417, at *2.

[19]  In re Target Corp. Customer Data Sec. Breach Litig., MDL No. 14-2522, 2015 WL 6777384 (D. Minn. Oct. 23, 2015).

[20] 2021 WL 106417, at *4.

[21] 2021 WL 106417, at *4.

[22] See, In re Target Corp. Customer Data Sec. Breach Litig., 2015 WL 6777384, at *2-*3.

[23] 756 F.3d 754, 757 (D.C. Cir. 2014).

[24] 756 F.3d at 759-760.

[25] 756 F.3d at 756.

[26] 756 F.3d at 756.

[27] 756 F.3d at 757-58.

[28] 756 F.3d at 760 (emphasis added).  

[29] Although outside the scope of this article, the court also addressed a third argument with respect to the request by Wengui for production of “[a]ll documents reflecting that the ‘hacking’ . . . resulted in a third party’s obtaining . . . information, data, or material regarding any Clark Hill client other than or in addition to plaintiff.”  The court granted the motion to compel stating that any confidentiality concerns could be remedied by redacting the clients’ names.  2021 WL 106417, at *1, *6-*7.

Special Purpose Acquisition Company (SPAC) transactions have experienced a meteoric rise in the capital markets.  In 2019, there were 59 SPAC Initial Public Offerings (IPOs) with gross proceeds of approximately $14 billion.  In 2020, there were 248 SPAC IPOs with gross proceeds of approximately $83 billion[1] – an astronomical  320% increase in the number of SPAC IPOs and 500% year-to-year increase in gross proceeds.  Generally, SPACs have maintained a similar structure.  However, a recent SPAC, Pershing Square Tontine Holdings, Ltd., in conjunction with fundamental M&A law, might have unleashed market forces that will fundamentally transform the prevailing structure of SPACs.

A SPAC is a publicly-traded blank check company created to take a private company public through a merger.[2]  In a SPAC IPO, a SPAC generally offers units, each consisting of one share of common stock and a warrant to purchase a fraction of common stock at a set price.  Subject to the terms in the prospectus, the common stock and warrants from the units become separately and freely transferable after the IPO.  A SPAC typically has two years to identify a target company and complete the business combination, often referred to as a “de-SPAC” transaction, or liquidate and return the proceeds from the IPO to the shareholders.  Additionally, when a SPAC proposes a merger, the shareholders have the option to participate in the merger or redeem their shares at the initial IPO price with accrued interest. 

Benefits of SPAC Transactions

SPACs have several benefits from a transactional engineering standpoint.  Primarily, SPACs provide private companies an avenue to go public with less liability exposure from federal securities laws, and provide flexibility in M&A transactions.  In a recently published article, I surmised that “the only significant liability distinction between public and private securities is the heightened pleading standard of scienter-based causes of action” associated with private securities.  Stated succinctly, IPO issuers have exposure to the strict liability causes of action in §§ 11 and 12 of the Securities Act.  Conversely, plaintiffs in causes of actions stemming from private securities are relegated to § 10(b) of the Exchange Act, which requires a showing of scienter; and scienter has become increasingly difficult to establish since the Supreme Court added a plausibility standard to pleading requirements. In effect, SPACs reduce §§ 11 and 12 liability significantly for private companies looking to go public.

Additionally, M&A lawyers often herald SPACs’ advantages over conventional IPOs and M&A transactions.  These advantages include a SPAC’s potential to improve the conventional IPO process by reducing information asymmetry, increasing price and deal certainty, improving efficiency, and providing the potential for flexible deal terms.[4] From a policy perspective, proponents of SPACs argue that SPACs democratize investing and allow non-accredited investors to invest alongside private equity and hedge fund managers in potentially lucrative deals. 

Downside of SPAC Transactions

Critics of SPACs argue that the investment structure is extremely and unnecessarily dilutive.  The dilution stems from the compensation sponsors receive in the form of a sponsor’s “promote” (typically 20% of the post-IPO equity); underwriting fees (typically 5% of the IPO proceeds); and SPAC warrants and rights.  Inevitably, the non-redeeming SPAC shareholders and/or the target company shareholders absorb the dilution inherent in conventional SPAC structures.[5]  Additionally, because the sponsor’s promote and associated rights partially protect sponsors from the downside of a de-SPAC transaction, traditional SPAC structures have the potential to create a moral hazard problem, and may lead to conflicts of interests between the sponsors and SPAC shareholders.  On December 22, 2020, the SEC issued a CF Disclosure Guidance highlighting this issue.[6]

The Pershing Square Tontine SPAC Model

The Pershing Square Tontine Holdings, Ltd. (PSTH) SPAC features numerous provisions that set it apart from conventional SPAC structures.[7]  Of particular note:

• The PSTH sponsors will not receive the traditional 20% promote of the post-IPO common stock for a nominal price. Instead, the sponsors will purchase Sponsor Warrants at fair market value, with an exercise price of $24.00 per share.
• PSTH Sponsor Warrants are generally not transferable or exercisable until three years after a de-SPAC transaction.
• PSTH Sponsor Warrants are not exercisable until the common stock value is at least 20% higher than the IPO price.
• The fractional warrants associated with the PSTH SPAC units are considerably lower than conventional SPAC warrants. The terms of the warrants are engineered to reward non-redeeming shareholders and minimize gains for short-term investors.

PSTH’s structure mitigates several of the structural concerns of SPACs, which might give the PSTH structure a competitive advantage over conventional SPACs in the capital market, and perhaps more importantly, in the market for suitable acquisition targets.  The PSTH model is less dilutive than conventional SPAC models; additionally, the warrant structure of the PSTH model aligns the downside for sponsors with its common stock shareholders and target companies’ shareholders.

As it relates to the capital market, the PSTH model might be more attractive to some investors and less so to others.  Investors who are inclined to divest their shares before the consummations of the de-SPAC transaction will be less attracted to the redemption and warrant rights of the PSTH model.  However, the PSTH model might be able to offset the loss of capital from short-term investors with that from traditional institutional investors.  To the extent the PSTH model transforms the compensation to SPAC sponsors to align sponsors’ interest with that of SPAC shareholders and create a fee structure that resembles conventional hedge funds and private equity funds, SPACs that use the PSTH model might become more attractive to institutional investors.  Additionally, the PSTH model might help assuage regulators’ and policymakers’ concerns as retail investors participate in investment activities traditionally relegated to accredited investors through SPACs, while the debate over the proper balance between investor protection and democratizing finance unfolds.

Of particular note, fundamental M&A law might give the PSTH model a competitive advantage when bidding for a suitable acquisition target.  Under Delaware law and many other jurisdictions, a target company’s board has a fiduciary duty to “seek the best transaction for shareholders reasonably available” if the company decides to merge.[8]  The PSTH model has embedded structural advantages that will help sponsors structure deals that are deemed best transactions in bids for target companies.  As stated above, conventional SPAC models are fundamentally dilutive.  To the extent that a target company has to bear part of the dilution cost, or the PSTH structure helps create a superior bid for a target company, the target company’s board will have a fiduciary duty to accept the bid from the PSTH structure.

Conclusion

As SPACs continue to evolve and gain prominence as part of the toolkit for private companies to obtain liquidity, competition for capital and attractive companies to take public will intensify.  Additionally, capital from SPAC IPOs allocated for deals will start to accumulate.  Contemporaneously, M&A fiduciary laws and market forces will start to affect the evolution of SPAC transactions.  As SPACs with a similar structure to the PSTH model start to win competitive bids for attractive target companies because their structure helps create the best transaction, market forces will pressure market participants to adapt.  The composition of SPAC investors might also evolve with a change of SPACs’ structure.  Specifically, as short-term investors begin to exit the market, institutional investors looking to capitalize on the transactional and regulatory benefits of SPACs over IPOs and conventional M&A transactions might increase their SPAC investment allocation.

[1] See, SPACInsider, https://spacinsider.com/stats/.

[2] See, Investor Bulletin: What You Need to Know About SPACs, available at: https://www.sec.gov/oiea/investor-alerts-and-bulletins/what-you-need-know-about-spacs-investor-bulletin.

[3] See, Frantz Jacques, Securities Law and Digital Asset Products, Bloomberg Law (January 22, 2021).

[4] See, Skadden, Arps, Slate, Meagher & Flom LLP, The Year of the SPAC: Insights, available at: https://www.skadden.com/insights/publications/2021/01/2021-insights/corporate/the-year-of-the-spac.

[5] See, Michael Klausner, Michael Ohlrogge, and Emily Ruan, A Sober Look at SPACs, available at: https://corpgov.law.harvard.edu/2020/11/19/a-sober-look-at-spacs/.

[6] See, Special Purpose Acquisition Companies, available at: https://www.sec.gov/corpfin/disclosure-special-purpose-acquisition-companies.

[7] The PSTH Registration Statement is available at: https://www.sec.gov/Archives/edgar/data/1811882/000119312520175042/d930055ds1.htm.

[8] See, Ann Beth Stebbins & Tom Kennedy, the U.S. chapter of The International Comparative Legal Guide to: Mergers & Acquisitions 2019. 

An earlier article, Choice of Law/Forum and Waiving the Right to a Jury Trial: California Court Holds That the Former Cannot Do the Latter,[1] reviewed the William West v. Access Control Related Enterprises, LLC decision in which a California court held that a California citizen could not be required to litigate an action involving a Delaware LLC in the Delaware Chancery Court because that forum does not provide for jury trials. In a subsequent addition to the choice of law battle between California and Delaware, the Delaware Chancery Court in JUUL Labs, Inc. v. Grove held that the inspection of books and records of a Delaware corporation is governed by Delaware law notwithstanding a California statute to the contrary.[2]

Daniel Grove was a shareholder and employee of JUUL Labs, Inc. This corporation is organized in Delaware, but its principal place of business is in San Francisco. Grove demanded to inspect JUUL’s books and records under Section 1601 of the California Corporations Code, indicating that if he did not receive the requested books and records he would bring suit in California to compel inspection under California law. The California Corporations Code, at section 1601(a), purports to apply not only to corporations incorporated in California but also to “any foreign corporation keeping such records in this state or having its principal executive office in this state.” JUUL, in response, filed this action in the Delaware Chancery Court, seeking among other relief a declaration that it is Delaware, not California, law that governs Grove’s rights to inspect JUUL’s books and records. It sought further relief in the form of an injunction against Grove to prevent him from attempting to circumvent certain contractual limitations on his ability to inspect books and records. Thereafter, Grove filed an action in the Superior Court of California for the County of San Francisco seeking relief under California Corporations Code Section 1601. That action, Grove v. Adam Bowen,[3] was stayed by the California court.

The Chancery Court, after disposing of arguments that Grove had, by contract, waived his right to bring an action under California Section 1601, turned to the (frankly more interesting) question of the Internal Affairs Doctrine. That analysis began with a quotation from the decision of the United States Supreme Court, Edgar v. MITE Corp., namely:

The internal affairs doctrine is a conflict of laws principles which recognizes that only one State should have the authority to regulate a corporation’s internal affairs—matters particular to the relationships among or between the corporation and its current officers, directors, and shareholders—because otherwise a corporation could be faced with conflicting demands.[4]  

From there the court cited a number of Delaware decisions holding that the Internal Affairs Doctrine protects rights that arise under the Due Process Clause, the Full Faith and Credit Clause, and the Commerce Clause,[5] all of which may be well and good, but to this point still beg the question of exactly what actions and activities constitute “internal affairs.” It was to that question that the court next turned its attention. For the Delaware Chancery Court, it was not a close question. Rather, “Stockholder inspection rights are a core matter of internal corporate affairs.”[6] Turning its attention to the analysis previously set forth in Salzberg v. Sciavacucchi,[7] the court reviewed that decision and determined that inspection of books and records is a core internal affair.

The Chancery Court went on to compare section 1600 of the California Corporations Code, which affords access to the shareholder list, with section 220 of the Delaware General Corporation Law (DGCL), finding the California statute to be broader than that of Delaware. Likewise, the comparison of California Corporations Code section 1602, governing the inspection rights of directors, was made against DGCL section 220(d), with another determination being made that the rights under California law are broader than they are under Delaware law ultimately:

Generally speaking, the California inspection regime is not radically different from the Delaware regime, but it is not the same either. California’s precious balancing of the competing interests between stockholders and the Corporation differ from Delaware’s.[8]

Drawing a line in the sand, the JUUL court wrote:

Under constitutional principles outlined by the Supreme Court of the United States and under Delaware Supreme Court precedent, stockholder inspection rights are a matter of internal affairs. Grove’s rights as a stockholder are governed by Delaware law, not by California law. Grove therefore cannot seek an inspection under [California Corporate Code] section 1601.[9]

JUUL’s Amended and Restated Certificate of Incorporation contains an exclusive jurisdiction clause requiring that “the Court of Chancery in the state of Delaware shall be the sole and exclusive forum for any stockholder (including a beneficial owner) to bring . . . (iv) any action asserting a claim against the Corporation, its directors, officers, employees or stockholders governed by the Internal Affairs Doctrine.” On that basis, and citing Boilermakers Local 145 Ret. Fund v. Chevron Corp.,[10] it was held that the inspection of records could be brought only in the Delaware Chancery Court.[11]

So there you have it; unsurprisingly, the Delaware Chancery Court has held that the right of inspection of corporate books and records is soundly within the scope of the “internal affairs” of the Corporation, and therefore governed by the law of the jurisdiction of organization, and that a provision in the certificate of incorporation vesting exclusive jurisdiction to hear disputes with respect to internal affairs in the Delaware Chancery Court will likewise be enforced. The question the JUUL court did not resolve was whether contractual waivers of the right to inspect books and records will, when properly presented to the court, be enforced.[12] But again, that determination should be made under the Internal Affairs Doctrine.

Procedurally, Delaware courts will continue to apply its broad interpretation of “internal affairs,” and as long as exclusive jurisdiction provisions of certificates and by-laws are enforced by Delaware courts,[13] and there is no reason to think to the contrary, we could end up in a situation in which companies as a matter of ordinary course include (i) exclusive jurisdiction clauses that expressly encompass inspection of books and records and (ii) waivers of the right to inspect, whether under DGCL § 220, under the law of any other jurisdiction, or under common law. Ergo, “it would mean that 220 inspection rights could be left a functional dead letter.”[14] The question will then arise as to whether the courts of California or another state will disagree that (a) the Delaware courts have exclusive jurisdiction or (b) that inspection rights are subject to waiver, thereby setting up a true conflict as to choice of law.

Another interesting interface of a potential elimination of inspection rights will be upon the standards to bring a derivative action. Currently, Delaware imposes a high threshold for bringing a derivative action, cautioning that plaintiffs should avail themselves of DGCL § 220 inspection rights in order to plead the prospective case with the necessary degree of specificity. If by private ordering the shareholders’ right of inspection has been restricted or eliminated, will the enhanced standards for bringing a derivative action be necessarily reduced?[16] 

[1] Business Law Today (Sept. 2020).

[2] 238 A.3d 904 (Del. Ch. 2020).

[3] Superior Court of California, CGC20582059.

[4] 457 U.S. 624, 645 (1982) (citing Restatement (Second) of Conflict of Laws § 302 cmt. b. (1971)).

[5] 238 A.3d at 914.

[6] 238 A.3d at 915.

[7] 227 A.3d 102 (Del. 2020).

[8] 238 A.3d at 917.

[9] 238 A.3d at 918.

[10] 73 A.3d 934, 963 (Del. Ch. 2013).

[11] 238 A.3d at 919.

[12] 238 A.3d at 919-20.

[13] See Salzberg v. Sciabacucci, 227 A.3d 102 (2020); see also Gabriel K. Gillett, Michael F. Linden, and Howard S. Suskin, Delaware Supreme Court Declares Federal Forum Provisions in Corporate Charters Are “Facially Valid,” Business Law Today (April 2, 2020).

[14] See Professor Ann Lipton (Tulane Law) in a posting on the Business Law Prof Blog on August 15, 2020, titled The United States of Delaware.

[15] See AmerisourceBergen Corporation v. Lebanon County Employees’ Retirement Fund, 243 A.3d 417 (Del. 2020) (“For over a quarter-century, this Court has repeatedly encouraged stockholders suspicious of a corporation’s management or operations to exercise this right to obtain the information necessary to meet the particularization requirements that are applicable in derivative litigation.”); Id. collecting case at note 33.

[16] While this is not the place for a full exploration thereof, there exists a significant policy question with respect to whether, particularly in closely held ventures, limitations on inspection of books and records should be permitted. While it is necessary to balance the need of the corporation or other legal entity to operate in accordance with the directions of its management, eliminating access to books and records allows those fiduciaries the benefit of operating without oversight. See also Thomas E. Rutledge, Who Will Watch the Watchers?: Derivative Actions in Nonprofit Corporations, 103 Kentucky Law Journal Online 31 (2015). The hazard is obvious.

The economic impact of COVID-19 has been almost universal, yet some economies appear to be recovering more quickly than others. Comparing some of the major components of select stimulus programs in Germany, Singapore, and the United Kingdom in response to the economic downturn may help explain the different economic recovery rates. Yet, despite huge variations in legal systems, population, geography, and culture in the countries analyzed, we found significant uniformity in the programs implemented, with the contrasts akin to variations on a theme. 

Early Responses

Each country under review announced large stimulus packages between February and May 2020. Germany adopted a $844 billion[1] package comprised of a $175 billion stimulus program and $675 billion worth of loans and loan guarantees to struggling companies. The UK’s response, announced on March 17, 2020, also included large loan guarantee schemes, including two parallel programs: one for large companies (the “CLBILS”) and one targeting small and medium-sized enterprises (the “CBILS”). Singapore implemented five separate stimulus packages between February 18 and May 26, 2020, totaling approximately $71.8 billion. 

All three countries quickly instituted wage subsidy programs, with the German government providing a minimum of 60 percent of employee salaries, Singapore providing 50 percent (later increased to 75 percent), and the UK providing 80 percent of furloughed employees’ salaries. As of early July 2020, the UK’s furlough program had supplemented 9 million employees’ wages while another program supported an additional 2.7 million self-employed persons. Singapore also instituted a Wage Credit Scheme to provide government funding for employee wage increases given in 2019 or early 2020. These programs assuaged some of the economic pain caused by huge spikes in unemployment as lockdowns took effect in the second quarter of 2020. (See the representative graphs here for Germany, here  for Singapore, and here for the UK.)

In addition, Germany announced a three-month payment moratorium on consumer loans issued prior to March 15, 2020 for households financially impacted by the pandemic. Singapore provided individuals and businesses with assistance to make insurance premium payments, and the UK Financial Conduct Authority requested that firms freeze payments on loans and credit cards for up to three months in April 2020. 

Summer 2020 Packages

Generalized worker and company support programs

On June 29, 2020, the German Parliament passed a $146 billion package establishing and funding a number of programs designed to support workers and prop up struggling companies. The package provided families with an approximate $350 per child payment, doubled the single-parent income tax allowance to $4,500, and extended access to basic income support through the balance of 2020. On July 8, 2020, Germany provided $28 billion in bridging grants to companies to cover fixed operating costs. Companies with more than 10 employees could obtain grants capped at $169,000 depending on how steeply the company’s sales revenue had declined.

On July 8, 2020, the UK announced a “Plan for Jobs” estimated to cost up to $37.5 billion. Similar to Germany’s June 2020 stimulus package, the UK Plan included a number of programs designed to support workers and companies. The Plan extended some programs and established others, including the “Kickstart Scheme,” which provided $2.5 billion to create hundreds of thousands of six-month work placements for those aged 16 to 24 and deemed to be at risk of long-term unemployment, and the Job Retention Bonus, which provided a one-off payment of approximately $1,250 to UK employers for every furloughed employee who remained continuously employed through January 2021. 

Singapore’s Summer 2020 efforts largely extended and supplemented already established programs. Eligibility for the Workfare Special Payment, a grant to low-wage workers, was widened, and the Job Support Scheme was extended to cover employee wages until March 2021. The COVID-19 Support Grant, introduced in May 2020 to provide grants to unemployed applicants that demonstrate job search or training efforts, was also extended. In August 2020, Singapore announced the Jobs Growth Incentive (JGI), a $718 million program to encourage firms to increase their headcount of local workers, reallocating funding chiefly from development expenditures delayed due to the pandemic.   

Targeted programs

Each country targeted specific portions of their Summer 2020 stimulus programs to assisting particularly hard-hit sectors of the economy, as well as investing significant chunks to upgrade infrastructure and support industries of the future.

To shore up restaurants and pubs, the UK created the “Eat Out to Help Out” program, which provided diners with a 50% discount on meals and non-alcoholic drinks purchased at eateries during August 2020. The government also reduced the VAT rate from 20% to 5% at restaurants, hotels, and tourist attractions. Singapore provided its highest level of wage subsidies to employees working in the hardest-hit sectors, namely aerospace, aviation, and tourism. Singapore also provided a standalone relief package for airlines and their employees, and $230 million in vouchers to Singaporeans for use at local attractions, to offset the loss of dollars from now-nonexistent foreign tourists.

The stimulus programs also focused on technology, digitalization and sustainability. Germany’s June 2020 stimulus featured a $56 billion “future investment package” that included a doubling of the electric car buyer rebate to $6,750, $2.8 billion in e-charging facility upgrades, electric-powered bus and truck purchases, and battery cell production, $5.6 billion to the railway company Deutsche Bahn to support modernization, expansion, and electrification of the railway system, and $10 billion to research and develop hydrogen fuel technology with the hope of becoming a world leader in the space. Billions more were invested to retrofit buildings, build out 5G infrastructure, research artificial intelligence, and build “at least two” quantum computers.

The UK introduced a $2.5 billion Green Homes Grant, providing $2 for every $1 spent on home energy efficiency upgrades. The Plan for Jobs established and funded more environmental programs to promote decarbonization of public buildings, to support environmental charities, to promote direct air capture of CO2, and to develop the next generation of clean automotive technology.  The UK also announced $6.25 billion put toward the acceleration of certain infrastructure projects to support both the economy and the transformation of the nation’s infrastructure.

Fall 2020 Stimulus

In October 2020, Singapore announced a six-month extension of its Enhanced Training Support Program for the hardest-hit sectors and expanded it to provide benefits to companies and workers in the marine and offshore sector. Eligibility for Singapore’s JGI was widened to provide 50% wage support for all new hires with disabilities. The Temporary Bridging Loan Program, providing companies access to low interest, government-guaranteed loans of up to $718,000, was extended six months. The government also provided grocery vouchers to individuals, extended COVID-19 Support Grants for the unemployed, and established a new “baby bonus” to encourage families to have children. 

Similarly, the UK abandoned plans to end several stimulus programs in late Fall 2020, extending wage subsidies and grants to the self-employed and reducing VAT rates. The Bank of England continued its quantitative easing program, agreeing on November 5, 2020 to purchase $187 billion of government bonds to promote lowered borrowing costs for consumers and businesses. The Bank also maintained the benchmark interest rate at 0.1%. In November 2020, Germany extended the enhanced electric vehicle subsidy to 2025. It also provided an additional $16 billion to cover fixed costs of companies and solo entrepreneurs affected by the lockdown re-imposed in November, capped at $225,000 and $5,625 respectively.

The Fall 2020 stimulus packages again emphasized investments in infrastructure and the future.  Singapore funded upgrades at the Changi Air Hub, a major driver of the nation’s economy.  Singapore also dedicated funds to the development of the Tuas Port, with the first berths scheduled to be operational in 2021. When fully completed in 2040, the Tuas Port will be the world’s largest fully automated terminal. 

On November 15, 2020, UK Prime Minister Johnson announced his $15 billion “Ten Point Plan for a Green Industrial Revolution.” The plan called for funding of hydrogen fuel technology, a quadrupling of offshore wind power by 2030, and investments in small, advanced nuclear reactors. Its proposal to ban sales of new gasoline and diesel cars by 2030 grabbed the media’s attention. On November 25, 2020, a $125 billion National Infrastructure Plan was announced as part of the annual Spending Review. The plan seeks to upgrade the nation’s roadways, railways, and develop a network of fiber broadband cables. A billion pounds were set aside for building retrofits, and another billion to “future-proof” the electricity grid along motorways and to support the installation of high-powered charging hubs at motorway service areas by 2023.

Recent Stimulus

Stimulus efforts continued in December 2020 and into 2021. Germany announced a $12.3 billion package to support companies impacted by the shutdown over the 2020 Christmas season, and Chancellor Merkel stated additional “large sums” could be deployed in 2021. Singapore moved into Phase 3 of its reopening plan on December 28, 2020, and has not reported more than one new case of locally transmitted COVID-19 in a single day since February 13, 2021. The country continues to seek ways to reopen to international travel, including constructing the Connect@Changi bubble to permit international business travelers to meet in Singapore. It also implemented new support measures for the finance industry and the local construction industry. The UK extended the furlough and business loan schemes, announced new grant programs, including a $1,250 Christmas grant for pubs, and announced new rounds of funding for Scotland, Wales, and Northern Ireland, which can be spent on business support and COVID-19 medical response efforts, among other things. 

Conclusion

Each country is projected to bounce back to positive growth in 2021, with the IMF projecting annual GDP growth rates of 3.5%, 4.5%, and 5% for Germany, the UK, and Singapore respectively. There is, of course, a good deal of uncertainty regarding those projections with so much still unknown regarding the efficacy, manufacture, and distribution of vaccines, whether the emergence of new virus variants will slow down containment, and whether governments will continue to spend to support their respective economies. One thing that looks increasingly clear, however, is that the multitude of programs discussed above cushioned the economic blow dealt by the virus, and provided some much-needed breathing space (literally and figuratively) as well as a platform for a hoped-for economic resurgence in 2021 and beyond. 

[1] For ease of comparison, all currencies have been converted to US dollars.  The exchange rates were taken as of July 1, 2020, and are as follows: $1 = €0.889 = £0.801 = S$1.394. 

While some forms of payments fraud have existed for centuries (like forged checks), others have emerged more recently. And as banking technology and payment methods evolve, fraudsters are doing their part to keep pace, including by updating classic payment fraud schemes to take advantage of the COVID-19 pandemic. Payments fraud generally falls into two categories:

• unauthorized payments – such as unauthorized ACH debits, altered or forged checks, or transactions initiated after an account takeover; and
• scams – such as fraudulently induced payments, “bad check” scams, and revocable payment fraud.

Some of these traditional fraud schemes have been tailored to take advantage of the pandemic situation by targeting vulnerable consumers (e.g., through imposter or work-from-home scams) and state unemployment agencies, which are defrauded when criminals use consumers’ stolen personally identifiable information (PII) to fraudulently apply for unemployment insurance in the victim’s name, then transfer funds through a “money mule” account.

 A variety of different laws, regulations, and payment system rules are relevant to payments fraud, and different rules apply based on the type of transaction and nature of the fraud.

Core laws applicable to payments fraud include:

• For check transactions: UCC Article 3 – Negotiable Instruments[1], and Article 4 – Bank Deposits and Collections[2];
• For consumer electronic fund transfers: the Electronic Fund Transfer Act[3] and its implementing regulation, Regulation E[4]; and
• For commercial funds transfers: UCC Article 4A – Funds Transfers.

Other laws may also have relevance, such as the various prohibitions on unfair, deceptive and abusive acts or practices (UDAAP), anti-money laundering requirements under the Bank Secrecy Act[5] (BSA), and the privacy and data security requirements for financial institutions under the Gramm-Leach-Bliley Act[6] (GLBA). Further, private sector payment system rules, such as the NACHA Operating Rules for ACH[7], may also apply, particularly with respect to the allocation of loss between financial institutions. Which laws apply, and how, may depend on characteristics of the transaction, including the payment channel, whether the payment was unauthorized or resulted from a scam, and whether it is a consumer or commercial transaction.

Check Fraud

Traditional types of check fraud include check alteration (e.g. changes to the payee or amount of a check), check forgery (a forged drawer’s signature), counterfeit checks, and bad check scams (where a consumer receives a bad check, deposits it, and is asked to send some or all of the provisionally credited funds to a third party).

The UCC generally requires a paying bank to recredit its customer’s account when it pays an unauthorized check, which provides customers protection against checks that are not properly payable. In addition, transfer and presentment warranties determine the allocation of loss between the depositary bank and the paying bank.[8] Whereas, in a bad check scam, the loss is likely to fall on the consumer who deposited the bad check when the check is returned unpaid by the paying bank. In these bad check schemes, fraudsters take advantage of a victim’s lack of understanding of payment system functionality and applicable legal framework by instructing the victim to transfer funds through an irrevocable payment channel (wire transfer) or a method that is difficult to trace and recover (purchasing and mailing a prepaid card) once the depositary bank provisionally credits the funds.

Wire Transfer Scams

Business email compromise (BEC) is a sophisticated form of payments fraud that has emerged in recent years. BEC targets businesses in which employees are tricked into sending funds to a fraudster (typically by wire transfer, but sometimes an ACH credit transfer). BEC is carried out through the compromise of legitimate email accounts and social engineering. Many large banks have taken action to try and prevent their customers from falling victim to BEC, including extensive education campaigns.

For commercial transactions, the allocation of loss that results from a BEC scam between the commercial customer and the bank is determined by Article 4A’s security procedure framework. In particular, the commercial customer (Sender) is not liable to the Sending Bank for a funds transfer that was not authorized. However, the transfer can be deemed “authorized” if the Sending Bank verified the authenticity of the instruction using a mutually agreed upon “security procedure,” the security procedure is commercially reasonable, and the bank accepted the payment order in “good faith” and in compliance with the security procedure.

COVID-19 Scams

Fraudsters have taken advantage of the COVID-19 pandemic to target vulnerable consumers, such as the elderly and unemployed. These scams provide a new twist on classic payment fraud schemes, and have taken various forms, including:

• those involving government impersonators;
• fraudulent cures, medical equipment or charities;
• work-from-home fraud;
• contact tracing scams; and
• scams relating to the CARES Act Economic Impact Payments.

These criminal acts may involve an “imposter scam” scenario, or utilize the “bad check” or fraudulently induced wire transfer schemes, with legal responsibility for the loss determined by existing payment laws and regulations as applicable.

Fraudsters have also targeted state unemployment agencies with scams in which a criminal submits fraudulent unemployment insurance claims using consumers’ stolen personally identifiable information (PII), and instructs payments to accounts controlled by money mules (generally by ACH), who themselves may be either witting or unwitting participants and may be lured to participate through good-Samaritan, romance, and work-from-home schemes. This type of fraud has been facilitated by recent large scale data breaches that led to widespread access to consumer PII that can be used to perpetrate payments fraud and for other illicit purposes, such as identity theft.

Notably, FinCEN has released advisories providing financial institutions guidance on potential red flags of such schemes for purposes of Suspicious Activity Reporting obligations under the Bank Secrecy Act, including where a customer receives multiple state unemployment insurance payments to their account within the same disbursement timeframe from one or multiple states, or receives an unemployment insurance payment from a different state from where the customer lives or works.[9]

Policy Considerations

As banks undertake more measures to help customers avoid becoming victims of payments fraud schemes, it is important to consider whether by doing so they are altering the “delicate balance” of interests contemplated under existing loss allocation rules for fraudulent payments and, if so, how that may impact the availability and pricing of certain types of payments in the future.

[1] UCC §§ 3-101 et seq.

[2] UCC §§ 4-101 et seq.

[3] 15 USC §§ 1693 et seq.

[4] 12 CFR Part 1005

[5] 31 USC §§ 5311 et seq.

[6] 15 USC §§ 6801 et seq.

[7] See https://www.nacha.org/rules/operating-rules.

[8] For example, under the UCC, the depositary bank generally bears the loss for improper endorsements and alterations, while the paying bank generally bears the loss for a forged drawer’s signature or a counterfeit check. These UCC provisions reflect the long-standing rule from Price v. Neal, 3 Burr. 1354, 97 Eng. Rep. 872 (KB. 1763).

[9] FIN-2020-A003, 2020 Advisory on Imposter Scams and Money Mule Schemes Related to Coronavirus Disease 2019 (COVID-19) (July 7, 2020), available at: https://www.fincen.gov/sites/default/files/advisory/2020-07-07/Advisory_%20Imposter_and_Money_Mule_COVID_19_508_FINAL.pdf.

Most-Favored Nations (MFN) clauses (also known as antidiscrimination clauses or most-favored customer clauses) are common in business today. These provisions require that the supplier will treat a particular customer no worse than all other customers (and sometimes even better).  They are often coupled with some sort of monitoring mechanism, such as the power to audit the supplier.  For example, imagine a flour mill signs a requirements contract with Bakery A that contains an MFN clause.  The mill cannot then turn to Bakery B and offer the flour at a lower price without either a) offering the same to Bakery A or b) breaching the requirements contract.  These clauses can extend beyond price to other contractual terms and conditions (e.g., product release dates, promotional prices, or product offerings).

Common as they may be, a series of lawsuits out of New York and California will subject those very clauses to scrutiny under U.S. antitrust law.  First, a class action suit against Amazon and the five largest book publishers in the United States—Hachette Book Group, HarperCollins Publishers, Macmillan Publishing Group, Penguin Random House, and Simon & Schuster (the “Big Five”)—alleges that MFN clauses in ebooks agency contracts amount to an illegal price-fixing agreement.[1]  The suit echoes a 2012 suit against Apple and the Big Five that culminated in a consent decree restricting the use of MFN clauses that prevented ebook retailers from adding their own discounts. 

The second class action accuses Valve, Inc. of using MFN clauses in its contracts with game developers—both big (Ubisoft) and small (Rust)—to maintain its monopoly in personal computer video game sales through its online marketplace Steam as well as stifle competition more generally.  The complaint alleges that the MFN clauses cause game prices across online marketplaces to be the same even though stores like the Epic Games Store take a smaller commission than Valve.  Rather than pass those savings on to the consumer, the developers must maintain higher prices to remain profitable on Steam. 

While the suits target different markets, they boil down to the same issue: when do MFN clauses become anticompetitive?  As the panels to a day-long public workshop on these types of clauses by the 2012 Department of Justice and Federal Trade Commission indicate, it depends on the market at issue, the contracting parties, and the effect on that market.  On the one hand, MFN clauses are practical and advantageous in that they eliminate the purchaser’s risk in negotiating a bad deal under unstable pricing conditions, reduce transaction costs in re-negotiating agreements upon discovery of lower prices, and are generally benign when market power is absent.  On the other hand, MFN clauses as a price-monitoring mechanism can be used to facilitate collusion amongst competitors; discounts to the purchaser’s competitors and new market entrants, regardless of their size, are effectively foreclosed, resulting in increased prices overall.  For these reasons and more, MFN clauses alone are subject to the rule of reason—a lenient standard that requires a rigorous market analysis.

So, what made Amazon and Valve targets for these suits? Market power.  Amazon was public enemy number two (second only to Google) in the House Judiciary Committee’s antitrust report on competition in digital markets, which denounced Amazon’s impact on small- and medium-sized enterprises dependent on the monopolist’s platform.  A humble bookseller no more, the class action alleges that Amazon now enjoys a stunning 90% of the ebook market.  As for Valve, European antitrust regulators recently fined them 1.6 million euros (approx. $2 million) for the practice of restricting access to games based on physical location, which the European Commission deemed an illegal partition of the Digital Single Market. And U.S. regulators may turn towards Valve if the class action is correct in asserting that 75% of all PC games sold in the United States are through Steam.  Both companies have inordinate market share for online sales at a time when antitrust enforcement is experiencing a renaissance and the digital economy is subject to exacting scrutiny. 

The suits should not be a cause for alarm for most companies using MFN clauses.  After all, when small purchasers in unconcentrated markets use MFN clauses to reduce price fluctuations or to commit to a long-term business relationship, courts should recognize that the economic efficiencies outweigh the anticompetitive effects.  But when big tech closes off competition by maverick firms, keeps a watchful eye on its supplier through auditing rights or algorithmic pricing, and guarantees dominance over an extended period of time, it is no surprise that consumers, competitors, and Congress cry foul.  MFN clauses have a time and a place, but it is not at the top.

The United Kingdom Government introduced a National Security and Investment Bill (the “Bill”) to Parliament in November 2020. It passed the House of Commons on 20 January 2021 and will now make its way through the House of Lords. When enacted, the Bill will give the Government unprecedented new powers to investigate and block corporate deals that it suspects might threaten the security of the UK, with potentially thousands of deals having to be pre-notified and cleared by the Government each year. While it is not limited to foreign investment, non-UK investors may attract additional scrutiny. Deal-makers will therefore now need to navigate a new regulatory regime that is much more onerous than the current limited national security intervention powers, and in addition to the usual UK merger control rules.

This piece looks at the background to the Bill, the mandatory notification procedure it will introduce,  the Government’s powers to ‘call-in’ other deals for review, how it will assess national security risks and the potential implications of the Bill for investors.

The Bill a Government white paper, a Parliamentary Select Committee inquiry, and various interim measures stemming from concern over foreign investment in UK assets, including Chinese investment in the Hinkley Point nuclear power plant and Huawei’s involvement in the UK 5G network. There have also been allegations of ‘aggressive acquisitions’ during the COVID-19 pandemic, with the Government giving itself new intervention powers to protect the UK’s capability to combat public health emergencies. There was therefore little surprise when the Government announced a new framework to allow further scrutiny of transactions and investments. At present, the UK Government can only intervene in a transaction on national security grounds where the deal meets the thresholds for UK merger control. The bar for that has recently been lowered for targets with potential national security implications in order to facilitate more Government intervention, but the Bill will replace that regime with a greatly expanded role for the State.

First, the Bill will introduce a pre-closing notification obligation for certain deals, which the Government estimates will catch over 1,000 transactions per year. Second, it will empower the Government to ‘call-in’ acquisitions it considers may give rise to a national security risk, up to five years after the deal has completed. As an anti-avoidance measure, the latter power will apply to any deal completed on or after 12 November 2020 (the day after the Bill was introduced to Parliament).

Mandatory Notification

Scope

The obligation to notify the of a deal will arise where an investor acquires a right or interest in a “qualifying entity” that participates in particular activities within certain key sectors. A qualifying entity can be any form of legal entity (e.g. a company, partnership or trust) and includes non-UK entities that carry on activities in the UK or supply goods or services to persons in the UK. The Bill gives the Government wide powers to make regulations specifying the sectors of the economy and the types of transaction and activity that will engage the notification obligation.

The Government launched a public consultation on the sectors and deals it proposes should be covered, which closed in early January. The results have not yet been announced so it remains to be seen whether the responses will affect the Government’s plans, but the consultation identified 17 sectors as raising potential concerns. These include not only the most obvious candidates but also broad categories that may not have immediately obvious national security implications. The proposed sectors are:

• Advanced Materials
• Advanced Robotics
• Artificial Intelligence
• Civil Nuclear
• Communications
• Computing Hardware
• Critical Suppliers to Government
• Critical Suppliers to the Emergency Services
• Cryptographic Authentication
• Data Infrastructure
• Defence
• Energy
• Engineering Biology
• Military and Dual-Use Technologies
• Quantum Technologies
• Satellite and Space Technologies
• Transport

There is no minimum target turnover or deal value threshold for the notification obligation to apply, and it will catch deals involving non-UK entities that are active in the UK.

Level of Control

A “notifiable acquisition” will arise where the transaction results in the acquiring person either acquiring a right or interest equivalent to at least 15% of the shares or voting rights in the target, or gaining control over the target. Gaining control of an entity means acquiring either:

• more than 25% of the shares or voting rights, with a new notifiable acquisition if an existing shareholder passes thresholds of 50% or 75%; or
• voting rights that enable the acquirer to ensure or prevent the passage of any class of resolution.

Consequences

The Bill provides that a notifiable acquisition will be void if it completes without Government approval. It is not clear what that will mean in practice. Most obviously, it would mean that the terms of the deal would be legally unenforceable. If the parties were content to implement the deal regardless, the Government would have the same powers to unwind a non-notified deal as it has under the voluntary regime (see below).

There will also be very significant corporate and personal consequences for failing to clear a notifiable acquisition. A person who completes such a deal (including any director, manager etc. of a body corporate) risks a criminal conviction with up to five years imprisonment, an unlimited fine, or both. Alternatively, the Government will be able to impose civil penalties of up to the greater of 5% of turnover or £10 million.

Unlike the voluntary regime, the mandatory notification obligation will not have effect so will not affect deals closed prior to the Bill becoming law. However, investors in UK businesses (and businesses with UK interests) should follow the Bill with keen interest, in anticipation of being faced with a significant new regulatory hurdle in 2021.

The ‘Call-in’ Regime and Voluntary Notification

The Bill does not just create risk for deals that qualify as notifiable acquisitions; it also empowers the Government to ‘call-in’ non-notifiable deals for review where it perceives national security concerns.

Scope

This power will exist where a “trigger event” takes place in relation to a “qualifying entity” (see above) or a “qualifying asset”, and the Government thinks the deal could create a national security risk.

The term “qualifying asset” covers a very broad range of assets, including land and corporeal moveable property as well as “ideas, information or techniques which have industrial, commercial or other economic value” (the Bill gives the examples of trade secrets, databases, source code, algorithms, formulae, designs, software, and plans, drawings and specifications). In each case, the asset must be either within the UK or its territorial sea (in the case of land or corporeal property), or otherwise used in connection with activities carried on in the UK or the supply of goods and services to persons in the UK.

A “trigger event” will occur where a person gains control of a qualifying entity or asset. Control of an entity is defined as explained above (and so the 15% threshold does not apply to the call-in power), or where the acquirer gains material influence over the target’s policy (reminiscent of the ‘control’ test in UK merger control). For an asset, gaining control means a person acquiring a right or interest in, or in relation to, the asset that makes them able to use the asset or direct or control how it is used (or able to use it / direct its use to a greater extent). There is, again, no minimum turnover or deal value threshold.

These very broad definitions will give the Government a call-in power over essentially any type of deal where a national security risk might be identified.

Timings

The call-in power can be invoked within six months of the Government becoming aware of the trigger event, up to a maximum of five years after the trigger event. This extremely long window is intended to ensure no transactions slip through the net, either by accident or by design.

This lengthy risk period can be avoided by voluntarily sending notification of the relevant transaction (either before or after completion) to a new Investment Security Unit under the remit of the Business Secretary. As with merger control, it will be for the Government to decide whether the notification contains sufficient information, which means it will control the clock. Once the Government accepts the notification it will have 30 working days to decide whether to call-in the deal for further investigation over an additional 30 working day period (extendible to 75 working days).

A key point to note is that all deals completed after 12 November 2020 will come within the scope of the call-in regime, with the six month / five year periods only commencing when the relevant provisions of the Bill take effect. This anti-avoidance measure means the Bill must already be factored into deals that might raise UK national security considerations, particularly because the process to have a deal cleared via voluntary notification will not even become available until the Bill is fully enacted and in force. In the interim period, parties will have no option but to decide whether to proceed at risk.

Consequences

Where the Government identifies a risk to national security it can impose remedies to prevent, remedy or mitigate that risk. The Bill gives a wide discretion on the remedies that can be imposed, but options are likely to include:

• unwinding a completed deal (e.g. by divestment of the relevant entity or asset);
• prohibiting a deal that has not yet been completed;
• requiring the business to appoint someone to supervise and potentially control any activities that would cause a national security concern; and
• operational restrictions, such as making UK security clearance a condition of a person accessing particular information, working at a particular site, taking part in certain operations, or even holding a management role in the organisation.

If a completed deal is called-in or notified, the Government will be able to impose interim orders to prevent the review process being frustrated, most obviously by prohibiting the acquirer from integrating the acquired business or asset into its own operations. Such orders are routinely made in merger control cases, but may well be even stricter in the national security context.

In a further parallel with UK merger control (also, in principle, a voluntary regime), the potential consequences of completing a deal only for it to be called-in for review – including the administrative and financial burden of complying with an interim order, as well as the substantive risk of a forced sale of the entity or asset purchased – mean that buyers and investors are likely to err on the side of caution and try to make any deal that might have national security implications conditional on Government clearance.

Interestingly (and very much unlike merger control), the Bill confers a power on the Government to give financial assistance to an entity in consequence of an order. That perhaps reflects a principle that the State should meet at least part of any additional cost incurred by a private entity as a result of measures imposed on national security grounds.

How Will National Security Risks Be Assessed?

The Bill does not define potential risks to national security in any meaningful sense. However, the Government has published a draft ‘Statement of Policy Intent’ describing how it expects to use the call-in power.

The Government expects to consider three risk factors:

1. Target risk: the entity or asset subject to the trigger event could be used to undermine UK national security (e.g. the entity or asset plays a key role in national security matters or could, simply because of its nature, put national security at risk if it fell into the ‘wrong’ hands – there is likely to be significant overlap here with the sectors identified for mandatory notification);
2. Trigger event risk: the acquisition itself could undermine national security (e.g. because it could facilitate unauthorised access to sensitive information, or give a hostile actor leverage over the UK in other matters); and
3. Acquirer risk: the identity of the acquirer would give rise to national security concerns.

On the latter risk, a range of factors would need to be considered on a case-by-case basis, but the nationality of the acquirer – while not formally part of any test under the Bill – will surely be a key issue. However, concerns will not necessarily be limited to nationals of hostile states: in 2019 the UK Government intervened in the acquisition of the British satellite telecommunications company Inmarsat plc by Connect Bidco, a US-UK-Canadian joint venture, obtaining undertakings to ensure the maintenance of strategic services and prevent unauthorised access to sensitive information.

The various risks will be considered in combination – for example, the draft Statement of Policy Intent notes that a pension fund investing in UK infrastructure would involve a target risk but no acquirer risk.

Use and Application

At this point, it is only possible to speculate as to how strictly the Government will apply the powers in the Bill and, in particular, how many deals will need to be notified pursuant to the Bill. By the Government’s own estimate, however, mandatory filings alone will result in between 1,000 and 1,830 notifications per year.

For the voluntary regime, and notwithstanding that the draft Statement and other guidance documents give some indication of how risks will be assessed, it will take time to build up a body of precedent that will allow buyers to consider when to notify. Even that may be complicated by the need for confidential decisions in light of the obvious sensitivities. Buyers are therefore likely to err on the side of caution for some time, in which case the Government should also expect to receive a large number of voluntary notifications.

There will therefore be an enormous increase in the number of cases dealt with compared to the current public interest intervention regime, under which only 12 transactions have been reviewed on national security grounds since 2003 (albeit with a recent uptick following reductions to the applicable turnover thresholds, including the frustration of Chinese-backed Gardner Aerospace Holdings’ proposed acquisition of Impcross, a UK manufacturer of aerospace components).

The Bill will impose a strict and wide-ranging new regime that has the potential to cause significant disruption to deals and investments. It is essential that investors, sellers and advisers are aware of the risks involved, including for any deal completed after 12 November 2020, and plan their transactions accordingly.